Qbot — Office (OOXML) / .XLSX malware analysis

Static analysis result for SHA-256 41ac363777928092…

MALICIOUS

Office (OOXML) / .XLSX

Size: 21.4 KB
Created: 2006-09-16 00:00:00 UTC
Authoring application: Microsoft Excel 14.0300
MD5: ca2f36e8bd77c9600ab7dccdeb6abc2c
SHA-1: a68c6f87969c4bbf0ea5d34ac1c24c888ab960fe
SHA-256: 41ac363777928092e0fd03652e1efb59dd199998a41b7ef957e65ba021141598
Risk Score: 60

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly indicating it is a Qbot dropper. The file type is an Excel spreadsheet, commonly used for delivering malicious macros. The primary attack pattern involves tricking users into opening the document, which then executes embedded malicious code to download and run the Qbot malware.

Heuristics 1

  • ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0